GRE Tunneling

Lesson 9/13 | Study Time: 60 Min

Course: Routing Lab: Hands-On Networking

Task

● Create a GRE tunnel between R1 and R3 using the IPv4 addresses 172.16.0.Y/24, where Y is the router number.

● The tunnel should be sourced from and destined to these devices’ VLAN 13 IPv4 addresses.

● Configure static routes so that traffic between R1 and R3 Loopback0 networks is routed over the tunnel.

● Use traceroute on R1 and R3 to verify that this configuration is functional.

Explanation

Generic Routing Encapsulation (GRE) tunneling is used to take another protocol payload, such as IPv4, IPv6, IPX, etc., and tunnel it over an IPv4 or IPv6 transit network, by using IP protocol number 47.

In this case, GRE is used to tunnel IPv4 packets between the Loopback0 networks of R1 and R3. Because the GRE tunnel is configured as point-to-point, static routes can be configured to point out the Tunnel directly, and a next-hop address is not required.

We can verify that traffic between these networks is going out the tunnel because the traceroute output shows only one hop between the networks, which is the GRE tunnel.

show ip route 10.1.3.3

Routing entry for 10.1.3.3/32

Known via "connected", distance 0, metric 0 (connected)

Routing Descriptor Blocks:

* directly connected, via GigabitEthernet0/0

Route metric is 0, traffic share count is 1

traceroute 10.1.3.3

Type escape sequence to abort.

Tracing the route to 10.1.3.3

VRF info: (vrf in name/id, vrf out name/id)

1 10.1.3.3 4 msec * 5 msec

show ip route 10.1.1.1

Routing entry for 10.1.1.1/32

Known via "connected", distance 0, metric 0 (connected)

Routing Descriptor Blocks:

* directly connected, via GigabitEthernet0/0

Route metric is 0, traffic share count is 1

traceroute 10.1.1.1

Type escape sequence to abort.

Tracing the route to 10.1.1.1

VRF info: (vrf in name/id, vrf out name/id)

1 10.1.1.1 4 msec 4 msec *

Verify the GRE tunnel state and encapsulation, and notice that MTU has been automatically lowered to accommodate the new IP header of 20 bytes and GRE header of 4 bytes.

show interfaces tunnel13

Tunnel13 is up, line protocol is down

Hardware is Tunnel

Internet address is 172.16.0.3/24

MTU 17916 bytes, BW 100 Kbit/sec, DLY 50000 usec,

reliability 255/255, txload 1/255, rxload 1/255

Encapsulation TUNNEL, loopback not set

Keepalive not set

Tunnel linestate evaluation down - no output interface

Tunnel source 172.16.13.3, destination 172.16.13.1

Tunnel protocol/transport GRE/IP

Key disabled, sequencing disabled

Checksumming of packets disabled

Tunnel TTL 255, Fast tunneling enabled

Tunnel transport MTU 1476 bytes

Tunnel transmit bandwidth 8000 (kbps)

Tunnel receive bandwidth 8000 (kbps)

Last input never, output never, output hang never

Last clearing of "show interface" counters 00:11:05

Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0

Queueing strategy: fifo

Output queue: 0/0 (size/max)

5 minute input rate 0 bits/sec, 0 packets/sec

5 minute output rate 0 bits/sec, 0 packets/sec

0 packets input, 0 bytes, 0 no buffer

Received 0 broadcasts (0 IP multicasts)

0 runts, 0 giants, 0 throttles

0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort

0 packets output, 0 bytes, 0 underruns

0 output errors, 0 collisions, 0 interface resets

0 unknown protocol drops

0 output buffer failures, 0 output buffers swapped out

To verify that packets are GRE encapsulated, we can use the embedded packet capture feature.

monitor capture GRE match any interface GigabitEthernet0/0.13 both
monitor capture GRE start
!
ping 10.1.3.3 source loopback0

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 10.1.3.3, timeout is 2 seconds:

Packet sent with a source address of 10.1.1.1

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 2/4/5 ms!

monitor capture GRE stop
!
show monitor capture GRE buffer brief 

 -------------------------------------------------------------

 #   size   timestamp     source             destination   protocol

 -------------------------------------------------------------

   0 122    0.000000    FE80: *:2E27     ->   FF02: *:0001     IPv6-ICMP

   1 142    8.135003   172.16.13.1       -> 172.16.13.3       GRE

   2 142    8.135995   172.16.13.3       -> 172.16.13.1       GRE

   3 142    8.137002   172.16.13.1       -> 172.16.13.3       GRE

   4 142    8.137002   172.16.13.3       -> 172.16.13.1       GRE

   5 142    8.137994   172.16.13.1       -> 172.16.13.3       GRE

   6 142    8.137994   172.16.13.3       ->  172.16.13.1       GRE

   7 142    8.139001   172.16.13.1       -> 172.16.13.3       GRE

   8 142    8.139001   172.16.13.3       -> 172.16.13.1       GRE

   9 142    8.139001   172.16.13.1       -> 172.16.13.3       GRE

  10 142    8.139993   172.16.13.3       -> 172.16.13.1       GRE

no monitor capture GRE

Configuration

interface Tunnel13
ip address 172.16.0.1 255.255.255.0
tunnel mode gre ip
tunnel source 172.16.13.1
tunnel destination 172.16.13.3
no shutdown
!
ip route 10.1.3.3 255.255.255.255 Tunnel13

R3:

interface Tunnel13
ip address 172.16.0.3 255.255.255.0
tunnel mode gre ip
tunnel source 172.16.13.3
tunnel destination 172.16.13.1
no shutdown
!
ip route 10.1.1.1 255.255.255.255 Tunnel13

Previous Lesson Next Lesson

Gautam Kumar

Product Designer

★★★★★ 4.93

Profile Book a Meeting

Class Sessions

1- Routing to Multipoint Broadcast Interfaces 2- NBMA Interfaces 3- Longest Match Routing 4- Floating Static Routes 5- Reliable Static Routing with Enhanced Object Tracking 6- Policy Routing 7- Reliable Policy Routing 8- Local Policy Routing 9- GRE Tunneling 10- GRE Tunneling and Recursive Routing 11- GRE Backup Interface 12- GRE Reliable Backup Interface 13- ODR - On-Demand Routing